Rapid7 Vulnerability & Exploit Database

CESA-2003:096: samba security update

Back to Search

CESA-2003:096: samba security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
03/31/2003
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

Updated Samba packages are now available to fix security vulnerabilities found during a code audit.

Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. Sebastian Krahmer discovered a security vulnerability present in unpatched versions of Samba prior to 2.2.8. An anonymous user could use the vulnerability to gain root access on the target machine. Additionally, a race condition could allow an attacker to overwrite critical system files. All users of Samba are advised to update to the erratum packages which contain patches to correct these vulnerabilities. These packages contain the security fixes backported to the Samba 2.2.7 codebase.

Solution(s)

  • centos-upgrade-samba
  • centos-upgrade-samba-client
  • centos-upgrade-samba-common
  • centos-upgrade-samba-swat

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;